This is a good question. This comes up frequently with new users, as well as with experienced programmers who never quite got used to Unix, or who stubbornly stick to their old routines.
–
Stefan LasiewskiJun 30 '10 at 18:21

5 Answers
5

I agree with @Dennis's statement. Don't add '.' to your PATH. It's a security risk, because it would make it more possible for a cracker to override your commands. For a good explanation, see http://www.linux.org/docs/ldp/howto/Path-12.html .

For example, pretend I was a cracker and I created a trojaned files like /tmp/ls , like so. Pretend that this was on a shared system at a university or something.

Yes, adding ./ is ok, so running cd ~/Desktop; ./highest will work. The problem is as you said: running highest by itself causes Linux to look in your $PATH for anything named highest, and since there's nothing there called that, it fails. Running ./highest while in the right directory gets around the problem altogether since you are specifying the path to the executable.

The best thing you can do is just get used to using ./highest when you want to run a command that is in your directory, unless you really want to add it to your path. Then you should add it to your path in your .profile file in your home directory (create it if it isn't there) so it gets loaded into your path every time you start up bash:

Just for the session unless you add those two lines to your profile script. This is a script that is located in your home directory as either .profile or .bash_profile. This script gets run everytime you start a new session and you can setup persistant session environment changes there to always occur when you login (under most circumstances...there are times it would not).
–
REWJun 29 '10 at 17:43

5

Don't add the current directory '.' to the $PATH as it poses a security risk!
–
B JohnsonJun 30 '10 at 17:48

There IS a reason that this is not done by default. If you add . to your path, and then you execute say, ls, what if there is a malicious program in that directory called 'ls'? That one will be executed instead of /bin/ls. Don't change your $PATH. Just run ./command to execute a file in the current directory, as the Gods of Bash intended.
–
JALJun 30 '10 at 17:58

1

More pragmatically, you should get used to ./ because otherwise every time you used a new Linux system or reinstalled you'd have to edit the login profile, which may not even be for a bash shell. Better just type ./ and never have to change your routine or figure out why it's not working or how to fix it again in the future.
–
indivJun 30 '10 at 18:05